Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)


Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices.

About CVE-2023-27992

CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially crafted HTTP request.

The following versions are impacted by CVE-2023-27992:

  • NAS326 (V5.21(AAZF.13)C0 and earlier, patched in V5.21(AAZF.14)C0),
  • NAS540 (V5.21(AATB.10)C0 and earlier, patched in V5.21(AATB.11)C0), and
  • NAS542 (V5.21(ABAG.10)C0 and earlier, patched in V5.21(ABAG.11)C0)

The alert comes two weeks after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two flaws in Zyxel firewalls (CVE-2023-33009 and CVE-2023-33010) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

There is currently no indication that CVE-2023-27992 is being actively exploited. Since Zyxel does not mention workarounds or mitigations, owners/admins of the aforementioned NAS device models are advised to quickly upgrade to the latest firmware version.


About the Author:

FirstHackersNews- Identifies Security
